[FFmpeg-devel] [PATCH 2/4] avformat/avio: Limit url option parsing to the documented cases
Michael Niedermayer
michael at niedermayer.cc
Wed Jan 20 21:40:24 CET 2016
On Wed, Jan 20, 2016 at 09:21:30PM +0100, Michael Niedermayer wrote:
> On Wed, Jan 20, 2016 at 11:10:28AM +0100, Michael Niedermayer wrote:
> > From: Michael Niedermayer <michael at niedermayer.cc>
> >
> > This feature is not know much or used much AFAIK, and it might be helpfull in
> > exploits.
> > No specific case is known where it can be used in an exploit though
> > subsequent commits depend on this commit though
> >
> > Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> > ---
> > libavformat/avio.c | 11 +++++++++--
> > 1 file changed, 9 insertions(+), 2 deletions(-)
>
> applied
also if these are needed elsewhere we can revert this (if nothing
depends on it) or extend what can use this but i like to rather lock
things down a bit and fix a regression than leave it unneccesarily
open when it plausibly has no users
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
DNS cache poisoning attacks, popular search engine, Google internet authority
dont be evil, please
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20160120/9820e3c0/attachment.sig>
More information about the ffmpeg-devel
mailing list